22.1 Introduction to Configuring Referential Integrity

Referential integrity is the process of maintaining consistent relationships among sets of data. If referential integrity is enabled in Oracle Internet Directory, whenever you update an entry in the directory, the server also updates other entries that refer to that entry. For example, if you remove a user's entry from the directory, and the user is a member of a group, the server also removes the user from the group. If referential integrity is not enabled, the user remains a member of the group until manually removed. Referential integrity is not enabled by default.

22.4 Enabling Referential Integrity by Using the Command Line

You enable referential integrity in the directory by using ldapmodify to change the value of the parameter orclRIenabled in the DSA Configuration entry:

cn=dsaconfig,cn=configsets,cn=oracle internet directory.

You can set the value to either 1 or 2.

Setting a value of 1 enables referential integrity for GroupofNames and GroupofUniqueNames.

Setting a value of 2 for orclRIenabled enables referential integrity for GroupofNames and GroupofUniqueNames and for specific configured attributes. The next section describes configuring specific attributes.

22.5 Configuring Specific Attributes for Referential Integrity by Using the Command Line

When orclRIenabled is set to 2, referential integrity is enabled for GroupofNames, GroupofUniqueNames, and for specific configured attributes.

You configure specific attributes for referential integrity by using catalog with the arguments rienable=TRUE, add=true, and attribute=name_of_attribute. This adds the attribute to orclRIattr, which contains the list of DN syntax attributes to which referential integrity applies. You remove an attribute from referential integrity by using catalog with the arguments rienable=TRUE, delete=true, and attribute=name_of_attribute. This removes the attribute from orclRIattr.

Notes:

You cannot change the value of orclRIattr by using ldapmodify. You must use the catalog command.

Remember that the ORACLE_INSTANCE environment variable must be set when you use catalog.

22.6 Disabling Referential Integrity by Using the Command Line

To disable referential integrity in the directory, set the value of orclRIenabled to 0 in the DSA Configuration entry:

cn=dsaconfig,cn=configsets,cn=oracle internet directory.

22.7 Detecting and Correcting Referential Integrity Violations

When you try to enable referential integrity, if there are underlying violations in the DIT, you get an error. You must run the oiddiag tool to look at the violations, rectify them, and then enable referential integrity. The oiddiag tool has an option, OidDiagDC10, to report all the referential integrity violations in LDIF format. That LDIF file can be used with the ldapmodify tool to fix all reported entries. The steps are as follows:

Run oiddiag with the option listdiags=true. The default output file is ORACLE_INSTANCE/diagnostics/logs/OID/tools/oiddiag.txt.
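
To illustrate the kind of violation discussed in this section, the following added example (not Oracle code and not the output of oiddiag) scans an LDIF export for group member values that name no existing entry and renders a corrective LDIF change record for review. It assumes the export covers every entry in the DIT; the function names, the simplified DN comparison, and the sample data are constructed for illustration.

```python
import base64
import re

RI_ATTRS = {"member", "uniquemember"}  # GroupofNames / GroupofUniqueNames

# Constructed sample export: bob's entry was deleted, his membership was not.
SAMPLE = """\
version: 1
dn: cn=alice,cn=users,dc=example,dc=com
objectclass: inetOrgPerson

dn: cn=admins,cn=groups,dc=example,dc=com
objectclass: groupOfNames
member: CN=Alice, cn=Users, dc=example, dc=com
member: cn=bob,cn=users,
 dc=example,dc=com
"""

def parse_ldif(text):
    """Return [(dn, [(attr, value), ...])], handling folding and base64."""
    text = re.sub(r"\n ", "", text.replace("\r\n", "\n"))  # unfold lines
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        pairs = []
        for line in block.splitlines():
            if line.startswith("#") or line.lower().startswith("version:"):
                continue
            attr, _, value = line.partition(":")
            if value.startswith(":"):  # "attr:: <base64 value>"
                value = base64.b64decode(value[1:].strip()).decode("utf-8")
            pairs.append((attr.strip().lower(), value.strip()))
        if pairs and pairs[0][0] == "dn":
            entries.append((pairs[0][1], pairs[1:]))
    return entries

def norm_dn(dn):
    """Simplified DN match key: lowercase, no spaces around ',' or '='."""
    rdns = re.split(r"(?<!\\),", dn)
    return ",".join("=".join(p.strip() for p in r.split("=", 1)).lower() for r in rdns)

def find_dangling(entries):
    """Return (group_dn, attr, value) for member values naming no known entry."""
    known = {norm_dn(dn) for dn, _ in entries}
    return [(dn, attr, val) for dn, pairs in entries for attr, val in pairs
            if attr in RI_ATTRS and norm_dn(val) not in known]

def fix_ldif(dangling):
    """Render one LDIF modify record per dangling value, for review."""
    return "\n".join(f"dn: {dn}\nchangetype: modify\ndelete: {attr}\n{attr}: {val}\n"
                     for dn, attr, val in dangling)

if __name__ == "__main__":
    print(fix_ldif(find_dangling(parse_ldif(SAMPLE))))
```

A partial export reports false positives, because members that live outside the exported subtree look like missing entries.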